ASB-A-161149543
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-161149543.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-161149543
- Aliases
-
- A-161149543
- CVE-2021-0688
- Published
- 2021-09-01T00:00:00Z
- Modified
- 2026-06-09T15:27:06.151355248Z
- Summary
- [none]
- Details
-
In lockNow of PhoneWindowManager.java, there is a possible lock screen bypass due to a race condition. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android / platform/frameworks/base
Package
Ecosystem specific
{
"types": [
"EoP"
],
"severity": "High",
"vanir_signatures": [
{
"digest": {
"length": 588.0,
"function_hash": "26157112456646219037242013414574115420"
},
"deprecated": false,
"signature_type": "Function",
"id": "ASB-A-161149543-1252d454",
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/1692babe5e60b4e10f23d4960455ccbff6616ba3",
"target": {
"function": "updateLockScreenTimeout",
"file": "services/core/java/com/android/server/policy/PhoneWindowManager.java"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"110296684141808678684021330201123592140",
"132356450257849742953062358954520295662",
"154809401863724267218166157270996940920",
"149139943970841709575029173070530583599",
"58802991114357024480375150965637399893",
"125091519876953792970122920225599640127",
"166846741850853768415146020153054657854",
"170990589830754137692470038175414425508",
"315474462340662722823114123202737043157",
"115153995672427717755590657865936898035",
"117868206297434497273464189127627886697",
"329696182419953449747700532632314048659",
"171498306297171837643959394816452619134",
"162793250209821021751069352410584053381",
"146599598161750512561113595922270640676",
"177846352663443045193341583161698699370",
"80653375123577783371946402788916196249",
"70688700142308229714148814027431868371"
]
},
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "services/core/java/com/android/server/policy/PhoneWindowManager.java"
},
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/1692babe5e60b4e10f23d4960455ccbff6616ba3",
"id": "ASB-A-161149543-a49a0b9a"
},
{
"digest": {
"length": 263.0,
"function_hash": "150325954876305094094106885358233961885"
},
"deprecated": false,
"signature_type": "Function",
"id": "ASB-A-161149543-cee9105f",
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/1692babe5e60b4e10f23d4960455ccbff6616ba3",
"target": {
"function": "run",
"file": "services/core/java/com/android/server/policy/PhoneWindowManager.java"
}
},
{
"digest": {
"length": 271.0,
"function_hash": "138995477143525658020805310948159355172"
},
"deprecated": false,
"signature_type": "Function",
"id": "ASB-A-161149543-d91280a8",
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/1692babe5e60b4e10f23d4960455ccbff6616ba3",
"target": {
"function": "lockNow",
"file": "services/core/java/com/android/server/policy/PhoneWindowManager.java"
}
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/1692babe5e60b4e10f23d4960455ccbff6616ba3"
],
"spl": "2021-09-01"
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"length": 271.0,
"function_hash": "138995477143525658020805310948159355172"
},
"deprecated": false,
"signature_type": "Function",
"id": "ASB-A-161149543-038d61d7",
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/1d31270fd256b50c32f7b5f47ca61d1b96c9b4a7",
"target": {
"function": "lockNow",
"file": "services/core/java/com/android/server/policy/PhoneWindowManager.java"
}
},
{
"digest": {
"length": 588.0,
"function_hash": "26157112456646219037242013414574115420"
},
"deprecated": false,
"signature_type": "Function",
"target": {
"function": "updateLockScreenTimeout",
"file": "services/core/java/com/android/server/policy/PhoneWindowManager.java"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/1d31270fd256b50c32f7b5f47ca61d1b96c9b4a7",
"id": "ASB-A-161149543-78f9f016",
"signature_version": "v1"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"115309189732792936565906214280093891428",
"229157340037809237449487996861940247128",
"123470776856715044908176069652625038320",
"149139943970841709575029173070530583599",
"58802991114357024480375150965637399893",
"125091519876953792970122920225599640127",
"166846741850853768415146020153054657854",
"170990589830754137692470038175414425508",
"315474462340662722823114123202737043157",
"115153995672427717755590657865936898035",
"117868206297434497273464189127627886697",
"329696182419953449747700532632314048659",
"171498306297171837643959394816452619134",
"162793250209821021751069352410584053381",
"146599598161750512561113595922270640676",
"177846352663443045193341583161698699370",
"80653375123577783371946402788916196249",
"70688700142308229714148814027431868371"
]
},
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "services/core/java/com/android/server/policy/PhoneWindowManager.java"
},
"signature_version": "v1",
"id": "ASB-A-161149543-8fa3a0b9",
"source": "https://android.googlesource.com/platform/frameworks/base/+/1d31270fd256b50c32f7b5f47ca61d1b96c9b4a7"
},
{
"digest": {
"length": 263.0,
"function_hash": "150325954876305094094106885358233961885"
},
"deprecated": false,
"signature_type": "Function",
"id": "ASB-A-161149543-b5e46146",
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/1d31270fd256b50c32f7b5f47ca61d1b96c9b4a7",
"target": {
"function": "run",
"file": "services/core/java/com/android/server/policy/PhoneWindowManager.java"
}
}
],
"severity": "High",
"spl": "2021-09-01",
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/1d31270fd256b50c32f7b5f47ca61d1b96c9b4a7"
],
"types": [
"EoP"
]
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"types": [
"EoP"
],
"severity": "High",
"vanir_signatures": [
{
"digest": {
"length": 645.0,
"function_hash": "74038015658894357154343992338667324987"
},
"deprecated": false,
"signature_type": "Function",
"id": "ASB-A-161149543-047c0e77",
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/1fc88c383eb7d59b3eee7b0064a4aa80f3dee3ff",
"target": {
"function": "updateLockScreenTimeout",
"file": "services/core/java/com/android/server/policy/PhoneWindowManager.java"
}
},
{
"digest": {
"length": 263.0,
"function_hash": "150325954876305094094106885358233961885"
},
"deprecated": false,
"signature_type": "Function",
"target": {
"function": "run",
"file": "services/core/java/com/android/server/policy/PhoneWindowManager.java"
},
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/1fc88c383eb7d59b3eee7b0064a4aa80f3dee3ff",
"id": "ASB-A-161149543-094748f6"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"83294065643958449406529921329867526582",
"77897212903232999051681698149966879511",
"315252188664395093098679600340521514184",
"149139943970841709575029173070530583599",
"58802991114357024480375150965637399893",
"125091519876953792970122920225599640127",
"166846741850853768415146020153054657854",
"170990589830754137692470038175414425508",
"315474462340662722823114123202737043157",
"115153995672427717755590657865936898035",
"117868206297434497273464189127627886697",
"329696182419953449747700532632314048659",
"171498306297171837643959394816452619134",
"100972395155472047536397767717712125297",
"299975538857533994948103913983358902953",
"333985421371425194719111149127907094429",
"44036234350141183695055486435833539310",
"158358897617130652935667504487149971305",
"20744152542465715433779227326274216742"
]
},
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "services/core/java/com/android/server/policy/PhoneWindowManager.java"
},
"signature_version": "v1",
"id": "ASB-A-161149543-8134961c",
"source": "https://android.googlesource.com/platform/frameworks/base/+/1fc88c383eb7d59b3eee7b0064a4aa80f3dee3ff"
},
{
"digest": {
"length": 271.0,
"function_hash": "138995477143525658020805310948159355172"
},
"deprecated": false,
"signature_type": "Function",
"id": "ASB-A-161149543-b88997f5",
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/1fc88c383eb7d59b3eee7b0064a4aa80f3dee3ff",
"target": {
"function": "lockNow",
"file": "services/core/java/com/android/server/policy/PhoneWindowManager.java"
}
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/1fc88c383eb7d59b3eee7b0064a4aa80f3dee3ff"
],
"spl": "2021-09-01"
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"types": [
"EoP"
],
"severity": "High",
"spl": "2021-09-01",
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/9c8b1512a532478dea055d82ad6a49d53a9f31b1"
],
"vanir_signatures": [
{
"digest": {
"length": 263.0,
"function_hash": "150325954876305094094106885358233961885"
},
"deprecated": false,
"signature_type": "Function",
"target": {
"function": "run",
"file": "services/core/java/com/android/server/policy/PhoneWindowManager.java"
},
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/9c8b1512a532478dea055d82ad6a49d53a9f31b1",
"id": "ASB-A-161149543-22d83928"
},
{
"digest": {
"length": 645.0,
"function_hash": "74038015658894357154343992338667324987"
},
"deprecated": false,
"signature_type": "Function",
"target": {
"function": "updateLockScreenTimeout",
"file": "services/core/java/com/android/server/policy/PhoneWindowManager.java"
},
"signature_version": "v1",
"id": "ASB-A-161149543-7775101f",
"source": "https://android.googlesource.com/platform/frameworks/base/+/9c8b1512a532478dea055d82ad6a49d53a9f31b1"
},
{
"digest": {
"length": 271.0,
"function_hash": "138995477143525658020805310948159355172"
},
"deprecated": false,
"signature_type": "Function",
"id": "ASB-A-161149543-82712f05",
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/9c8b1512a532478dea055d82ad6a49d53a9f31b1",
"target": {
"function": "lockNow",
"file": "services/core/java/com/android/server/policy/PhoneWindowManager.java"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"83294065643958449406529921329867526582",
"77897212903232999051681698149966879511",
"315252188664395093098679600340521514184",
"149139943970841709575029173070530583599",
"58802991114357024480375150965637399893",
"125091519876953792970122920225599640127",
"166846741850853768415146020153054657854",
"170990589830754137692470038175414425508",
"315474462340662722823114123202737043157",
"115153995672427717755590657865936898035",
"117868206297434497273464189127627886697",
"329696182419953449747700532632314048659",
"171498306297171837643959394816452619134",
"100972395155472047536397767717712125297",
"299975538857533994948103913983358902953",
"333985421371425194719111149127907094429",
"44036234350141183695055486435833539310",
"158358897617130652935667504487149971305",
"20744152542465715433779227326274216742"
]
},
"deprecated": false,
"signature_type": "Line",
"id": "ASB-A-161149543-b1838aa9",
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/9c8b1512a532478dea055d82ad6a49d53a9f31b1",
"target": {
"file": "services/core/java/com/android/server/policy/PhoneWindowManager.java"
}
}
]
}